Lucene search

[email protected]CVE-2016-5815

HistoryFeb 13, 2017 - 9:59 p.m.

CVE-2016-5815

2017-02-1321:59:00

CWE-284

[email protected]

web.nvd.nist.gov

cve-2016-5815

schneider electric

power meters

no authentication

unauthorized access

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

An issue was discovered on Schneider Electric IONXXXX series power meters ION73XX series, ION75XX series, ION76XX series, ION8650 series, ION8800 series, and PM5XXX series. No authentication is configured by default. An unauthorized user can access the device management portal and make configuration changes.

Affected configurations

NVD

Node

schneider-electricion5000Match-

schneider-electricion7300Match-

schneider-electricion7500Match-

schneider-electricion7600Match-

schneider-electricion8650Match-

schneider-electricion8800Match-

CPENameOperatorVersion
schneider-electric:ion5000schneider-electric ion5000eq-
schneider-electric:ion7300schneider-electric ion7300eq-
schneider-electric:ion7500schneider-electric ion7500eq-
schneider-electric:ion7600schneider-electric ion7600eq-
schneider-electric:ion8650schneider-electric ion8650eq-
schneider-electric:ion8800schneider-electric ion8800eq-

CPE	Name	Operator	Version
schneider-electric:ion5000	schneider-electric ion5000	eq	-
schneider-electric:ion7300	schneider-electric ion7300	eq	-
schneider-electric:ion7500	schneider-electric ion7500	eq	-
schneider-electric:ion7600	schneider-electric ion7600	eq	-
schneider-electric:ion8650	schneider-electric ion8650	eq	-
schneider-electric:ion8800	schneider-electric ion8800	eq	-

CNA Affected

[
  {
    "product": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities",
    "vendor": "n/a",
    "versions": [
      {
        "status": "affected",
        "version": "Schneider Electric IONXXXX Series Power Meter Vulnerabilities"
      }
    ]
  }
]

References

www.securityfocus.com/bid/94091

ics-cert.us-cert.gov/advisories/ICSA-16-308-03

7.5 High

CVSS2

Attack Vector

NETWORK

Attack Complexity

LOW

Authentication

NONE

Confidentiality Impact

PARTIAL

Integrity Impact

PARTIAL

Availability Impact

PARTIAL

AV:N/AC:L/Au:N/C:P/I:P/A:P

9.8 High

CVSS3

Attack Vector

NETWORK

Attack Complexity

LOW

Privileges Required

NONE

User Interaction

NONE

Scope

UNCHANGED

Confidentiality Impact

HIGH

Integrity Impact

HIGH

Availability Impact

HIGH

CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

9.4 High

AI Score

Confidence

High

0.002 Low

EPSS

Percentile

58.9%

JSON

Related for CVE-2016-5815

prion1 cvelist1 nvd1 ics1